Google Professional-Cloud-Network-Engineer Exam Practice Test Instant Access

Question 1

There are two established Partner Interconnect connections between your on-premises network and Google Cloud. The VPC that hosts the Partner Interconnect connections is named "vpc-a" and contains three VPC subnets across three regions, Compute Engine instances, and a GKE cluster. Your on-premises users would like to resolve records hosted in a Cloud DNS private zone following Google-recommended practices. You need to implement a solution that allows your on-premises users to resolve records that are hosted in Google Cloud. What should you do?

AAssociate the private zone to 'vpc-a.' Create an outbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

BConfigure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

CUse custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

DAssociate the private zone to 'vpc-a.' Create an inbound forwarding policy and associate the policy to 'vpc-a.' Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to 'vpc-a.'

Answer : A

Associating the private zone to 'vpc-a' and creating an outbound forwarding policy allows DNS queries to be forwarded from on-premises to Google Cloud DNS. The on-premises DNS servers will forward queries to the entry points created when the forwarding policy was applied to 'vpc-a,' enabling proper name resolution.

Question 2

Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subnet routes, but the on-premises router does not appear to be receiving any subnet routes from the VPC spokes. You need to resolve this issue. What should you do?

ACreate custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

BCreate custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

CCreate custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

DCreate a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.

Answer : D

Creating a BGP route policy at the Cloud Router ensures that the subnets of the VPC spokes are properly advertised to the on-premises environment. This allows the on-premises router to receive and use those routes. Without the correct BGP policies, route advertisement may not happen as expected.

Question 3

Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team. You must also make sure the solution can scale. What should you do?

AConfigure VPC Network Peering, and peer one of the VPCs to the service project.

BConfigure a Shared VPC, and create a VPC network in the service project.

CConfigure a Shared VPC, and create a VPC network in the host project.

DConfigure Policy-based Routing for each team.

Answer : C

A Shared VPC allows the central networking team to manage the VPC network while individual teams can manage their resources in service projects. This solution provides scalability by allowing for multiple service projects under the same Shared VPC, and it allows the network team to maintain control over the network resources.

Question 4

You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?

AEnable the Firewall Insights API. Set the deny rule insights observation period to one day. Review the insights to assure there are no firewall rules denying traffic.

BEnable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.

CCreate a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.

DEnable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.

Answer : C

Creating a Connectivity Test using TCP in Network Intelligence Center allows you to simulate the connection to the public SaaS provider and receive real-time data plane analysis. This will help determine whether there are any issues with the network path for the specific TCP connection.

Question 5

You recently deployed Cloud VPN to connect your on-premises data center to Google Cloud. You need to monitor the usage of this VPN and set up alerts in case traffic exceeds the maximum allowed. You need to be able to quickly decide whether to add extra links or move to a Dedicated Interconnect. What should you do?

AIn the Monitoring section of the Google Cloud console, use the Dashboard section to select a default dashboard for VPN usage.

BIn Network Intelligence Center, check for the number of packet drops on the VPN.

CIn the VPN section of the Google Cloud console, select the VPN under hybrid connectivity and then select monitoring to display utilization on the dashboard.

DIn the Google Cloud console, use Monitoring Query Language to create a custom alert for bandwidth utilization.

Answer : D

Using Monitoring Query Language (MQL) to create a custom alert for bandwidth utilization gives you flexibility and precision in setting thresholds. This helps you quickly determine when VPN traffic exceeds the limits, allowing for timely decisions about adding more links or transitioning to a Dedicated Interconnect.

Question 6

Your organization wants to set up hybrid connectivity with VLAN attachments that terminate in a single Cloud Router with 99.9% uptime. You need to create a network design for your on-premises router that meets those requirements and has an active/passive configuration that uses only one VLAN attachment at a time. What should you do?

ACreate a design that uses a BGP multi-exit discriminator (MED) attribute to influence the egress path from Google Cloud to the on-premises environment.

BCreate a design that uses the as_path BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

CCreate a design that uses an equal-cost multipath (ECMP) with flow-based hashing on your on-premises devices.

DCreate a design that uses the local_pref BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

Answer : A

The BGP multi-exit discriminator (MED) attribute is used in BGP configurations to influence the choice of path in an active/passive setup by prioritizing one path over another for egress traffic. This is ideal for a design that uses only one VLAN attachment at a time.

Question 7

Your organization is developing a landing zone architecture with the following requirements:

There should be no communication between production and non-production environments.

Communication between applications within an environment may be necessary.

Network administrators should centrally manage all network resources, including subnets, routes, and firewall rules.

Each application should be billed separately.

Developers of an application within a project should have the autonomy to create their compute resources.

Up to 1000 applications are expected per environment.

You need to create a design that accommodates these requirements. What should you do?

ACreate a design where each project has its own VPC. Ensure all VPCs are connected by a Network Connectivity Center hub that is centrally managed by the network team.

BCreate a design that implements a single Shared VPC. Use VPC firewall rules with secure tags to enforce micro-segmentation between environments.

CCreate a design that has one host project with a Shared VPC for the production environment, another host project with a Shared VPC for the non-production environment, and a service project that is associated with the corresponding host project for each initiative.

DCreate a design that has a Shared VPC for each project. Implement hierarchical firewall policies to apply micro-segmentation between VPCs.

Answer : C

This design allows you to separate production and non-production environments while using Shared VPCs. Each environment has its own Shared VPC, and a service project is associated with each, allowing for separate billing and autonomy for developers. Centralized management of network resources is handled by the host projects.

Google Professional Cloud Network Engineer Exam Practice Test